As businesses continue to adopt cloud computing and move their operations to the cloud, it’s crucial to ensure the security of their cloud environment. Amazon Web Services (AWS) is the leading cloud platform, but with the ease of use comes the responsibility of securing the data, applications, and services deployed on the cloud.

AWS provides a vast array of security services, but it can be challenging to keep track of all the activities and changes happening in your AWS account. That’s where the AWS Security Survival Kit (ASSK) comes in. This comprehensive and free open-source kit sets up basic proactive monitoring and alerting on common suspicious activities in your AWS account.

The kit uses CloudFormation templates to deploy EventBridge (CloudWatch Events) Rules and CloudWatch Metric Filters and Alarms on a selection of 🏴‍☠️ suspicious activities. It also comes with a CloudWatch Dashboard to give you more insights into what is ringing the alarm bells. With the ASSK, you can bring proactive security monitoring and alerting to your AWS account, complementing the GuardDuty service.

The following suspicious activities are currently supported by the AWS Security Survival Kit:

  1. Root User activities
  2. CloudTrail changes (StopLogging, DeleteTrail, UpdateTrail)
  3. AWS Personal Health Dashboard Events
  4. IAM User changes (Create, Delete, Update, CreateAccessKey, etc.)
  5. MFA Monitoring (CreateVirtualMFADevice, DeactivateMFADevice, DeleteVirtualMFADevice, etc.)
  6. Unauthorized Operations (Access Denied, UnauthorizedOperation)
  7. Failed AWS Console login authentication (ConsoleLoginFailures)
  8. EBS Snapshots Exfiltration (ModifySnapshotAttribute, SharedSnapshotCopyInitiated, SharedSnapshotVolumeCreated)
  9. AMI Exfiltration (ModifyImageAttribute)
  10. Who Am I Calls (GetCallerIdentity)
  11. IMDSv1 RunInstances (RunInstances && optional http tokens)
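
To make the list concrete, here is an added example (not the kit's own templates or code) that applies the same kind of matching conditions to CloudTrail records in Python. The category labels and sample records are constructed for illustration, and only a subset of the activities above is covered.

```python
# Added example: map CloudTrail records to alert categories from the list above.
# Field names follow the CloudTrail record format; category labels and the
# sample records are constructed for illustration.
CLOUDTRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail"}
MFA_CHANGES = {"CreateVirtualMFADevice", "DeactivateMFADevice", "DeleteVirtualMFADevice"}
SNAPSHOT_EXFIL = {"ModifySnapshotAttribute", "SharedSnapshotCopyInitiated",
                  "SharedSnapshotVolumeCreated"}

def classify(record):
    """Return the sorted alert categories one CloudTrail record triggers."""
    name = record.get("eventName", "")
    source = record.get("eventSource", "")
    error = record.get("errorCode") or ""
    response = record.get("responseElements") or {}  # often null in CloudTrail
    hits = set()
    if (record.get("userIdentity") or {}).get("type") == "Root":
        hits.add("root-activity")
    if source == "cloudtrail.amazonaws.com" and name in CLOUDTRAIL_CHANGES:
        hits.add("cloudtrail-change")
    if source == "iam.amazonaws.com" and name in MFA_CHANGES:
        hits.add("mfa-change")
    if "AccessDenied" in error or "UnauthorizedOperation" in error:
        hits.add("unauthorized-operation")
    if name == "ConsoleLogin" and response.get("ConsoleLogin") == "Failure":
        hits.add("console-login-failure")
    if source == "ec2.amazonaws.com" and name in SNAPSHOT_EXFIL:
        hits.add("ebs-snapshot-exfiltration")
    if source == "ec2.amazonaws.com" and name == "ModifyImageAttribute":
        hits.add("ami-exfiltration")
    if source == "sts.amazonaws.com" and name == "GetCallerIdentity":
        hits.add("whoami-call")
    return sorted(hits)

# Constructed sample records (trimmed to the fields the classifier reads).
SAMPLES = [
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "Root"}, "responseElements": None},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser"}, "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "ModifySnapshotAttribute",
     "userIdentity": {"type": "AssumedRole"}, "errorCode": "Client.UnauthorizedOperation"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole"}, "responseElements": None},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["eventName"], "->", classify(rec) or "no alert")
```

A single record can land in more than one category, which is why a root user stopping a trail raises both the root and the CloudTrail alerts.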

For the best experience, you can also set up AWS Chatbot to get notified directly on Slack.

Figure: CW Metrics Graph Count

In conclusion, the AWS Security Survival Kit is a must-have tool for businesses and individuals who are using AWS. With this kit, you can bring proactive security monitoring and alerting to your AWS account and ensure the security of your cloud environment. The kit was developed by my AWS consulting boutique, zoph.io.

Give it a try, it’s free! ❤️ AWS Security Survival Kit

That’s all folks!

zoph.